diff --git a/module.nix b/module.nix
index e452ca3..f828c8a 100644
--- a/module.nix
+++ b/module.nix
@@ -162,6 +162,9 @@ in
       originUrl = "https://${cfg.subdomain}.${sp.domain}/oauth/callback/generic";
       clientSystemdUnits = [ "writefreely.service" ];
       enablePkce = false;
+      scopeMaps = {
+        "${usersGroup}" = [ "email" "openid" "profile" "read_user" ];
+      };
       linuxUserOfClient = "writefreely";
       linuxGroupOfClient = "writefreely";
     };